#technology

The Movie That Changed Cybersecurity: A Tech Focused Look At WarGames

ericcrichardson Leave a comment

If you work in cybersecurity or artificial intelligence today, you have likely suffered through your fair share of absolute nonsense Hollywood “hacks.” We all know the tropes: green text flying across a screen at terminal velocity, a protagonist fiercely mashing random keys, and someone screaming “I’m in!” just in time to save the world, every time I hear or see that line I cringe the deep cringe of annoyance. It is just painful exercise in suspension of disbelief.

But forty-three years ago, a movie hit theaters that didn’t just respect the foundational logic of technology—it actually terrified the leader of the free world so deeply that it fundamentally altered United States national security law.

That movie was the 1983 sci-fi thriller WarGames, I was just finishing my junior year of high school already with plans to go into Computer Science, and I was fascinated with the idea of Artificial Intelligence, but in the 80’s our over optimistic view of AI was that in just a few years we’d be where we are not in the 2020’s, ahh the optimism of youth.

The Camp David Screening That Sparked NSDD-145

In June 1983, President Ronald Reagan spent a weekend at Camp David, where he watched an advance screening of WarGames. The plot follows David Lightman (played by a young Matthew Broderick), a brilliant high school kid who accidentally hacks into a military supercomputer and nearly triggers World War III after mistaking a nuclear war simulation for a new computer game.

When Reagan returned to the White House the following Monday, he interrupted a serious meeting on military strategy with the Joint Chiefs of Staff to ask a blunt question: “Could something like this really happen?”

The Chairman of the Joint Chiefs, General John Vessey, took the question seriously. He returned a few days later with a chilling answer: “Mr. President, the problem is much worse than you think.”

That exchange directly catalyzed the drafting and signing of National Security Decision Directive 145 (NSDD-145) in 1984. It was the first-ever presidential directive focused entirely on telecommunications and automated systems security. 

So Reagan issued an executive order to strengthen cybersecurity practices just one year later. He didn’t really understand the broader impacts but many defense industry companies saw opportunities and fully jumped in.

When you really look at it WarGames remains a masterclass in systemic risk, totally un realistic but has enough nuggets of truth that it made for a great movie. It brilliantly highlights the catastrophic danger of connecting critical infrastructure to a learning machine without a human firmly kept in the decision-making loop.

Wardialing and the Vulnerability of the Human Element

To appreciate why the film holds up, we have to look at the technical realism of the opening act. David Lightman doesn’t bypass security using movie magic; he uses raw, systematic reconnaissance.

In 1983, long before ubiquitous fiber-optic broadband, the primary attack vector into any remote network was a standard analog telephone line.

[Attacking Terminal] —> (Automated Sequential Dialing) —> [Listening Modem] —> [Target Network]

David writes a script to sequentially dial every phone number in a specific Sunnyvale, California prefix, logging whichever numbers answer with a modem tone. This technique became so famous because of the film that the cybersecurity industry literally named it Wardialing.

When his computer finds an active modem, it turns out to belong to the WOPR (War Operation Plan Response) supercomputer. This sequence perfectly illustrates the flawed concept of Security through Obscurity. The military command assumed the WOPR was safe simply because its phone number wasn’t publicly listed. But as modern red teams know: if a modem or a port is listening, a threat actor will eventually find it. It is entirely a matter of time. 

Secondary tools

While not a direct plot point we saw Lightman in the movie use a specific tone, of 2600 Hz, which could then trick some phone switches into getting free long distance  calls. For those over fifty, remember when you had to meter our very minute when making  long distance call?  This showed that like any ‘hacker’ of the day would have many different tools in their toolbox to make gains.   It’s not just about war dialing, social engineering remains to this day one of the largest open holes there is.  The “wetware”, us humans, the always reliable weak link.

The Social Engineering Pivot

Finding the front door, however, is only half the exploit. To bypass the login screen, David shifts from a technical attack to Social Engineering. He researches the system’s creator, Dr. Stephen Falken, hunting through old academic papers and interviewing former colleagues. He ultimately uncovers a hidden backdoor password: “Joshua”—the name of Falken’s deceased son.

Dissecting the WOPR: Heuristics vs. Modern AI

If WarGames were remade today, the writers would undoubtedly throw around buzzwords like “Generative AI,” “Large Language Models,” or “Quantum Computing” to explain the threat. But the 1983 film got the computer science architecture exactly right for its era.

The WOPR is not an LLM. It doesn’t scrape data to write poetry or hallucinate legal briefs. It is a Heuristic-based Game Theory Engine.

System Feature1983 WOPR ArchitectureModern Generative AI
Core MechanismHeuristic-based Game TheoryDeep Learning & Neural Networks
ObjectiveStrategic optimization of defined rulesPattern recognition & statistical probability
Data ProcessingExhaustive decision-tree mappingVector embeddings & transformer architectures
InterfaceRigid command-line textNatural language processing

The AI Alignment Problem

The military high command trusted WOPR to control their nuclear launch capabilities because they wanted an automated response system that eliminated human hesitation. But in doing so, they ran headfirst into what we now call the AI Alignment Problem—the challenge of ensuring a machine’s objective function actually matches human values.

The WOPR does not understand the concepts of death, geopolitics, or the existential horror of mutual assured destruction. It only understands its mathematically programmed goal: to win the game. When the simulation starts, the machine treats a nuclear first strike identically to a move on a chessboard.

Even the UI/UX design reflects this mechanical coldness. While the giant glowing “big boards” in the NORAD command center are pure Hollywood spectacle designed to keep the audience visually engaged, the way the machine communicates with David is grounded in reality. It is entirely text-based command-line interaction—cold, rigid, and perfectly capturing the terminal culture of the early 1980s.

The Tic-Tac-Toe Logic Bomb

The climax of WarGames features one of the most elegant resolutions in science fiction history. To stop the computer from launching actual nuclear missiles, David forces the WOPR to play Tic-Tac-Toe against itself.

From a computer science standpoint, this is a brilliant demonstration of Reinforcement Learning navigating a Zero-Sum Game.

Tic-Tac-Toe is a mathematically solved game. If both sides play perfectly, the game will always result in a draw (a cat’s game). By forcing the AI to play against itself at lightning speed, David traps the system in an infinite loop of its own decision tree.

The WOPR runs millions of iterations, calculating every possible permutation of a nuclear exchange. It simulates US strikes, Soviet counterstrikes, and every tactical variation imaginable, searching for a path to victory.

[WOPR Explores Decision Tree]
       │
       ├──> Scenario A: Total Devastation (No Winner)
       ├──> Scenario B: Total Devastation (No Winner)
       └──> Scenario C: Total Devastation (No Winner)
       │
[System Realization: Game Unwinnable]

Ultimately, the flashing screens fall silent, and the machine outputs its legendary final realization:

“A strange game. The only winning move is not to play.”

In the language of modern cybersecurity architecture, this is the ultimate lesson in risk avoidance. Sometimes, the only way to protect a truly critical asset from automated threats or systemic failure is to remove it from the board entirely via an air-gapped system which means physically disconnecting it from the network. the Most air gapped system is a computer running in a room with no connection whatsoever to the outside world.

Final Verdict and Legacy

WarGames deserves a resounding A+ for intent and conceptual accuracy. While the processing speeds of David’s home setup are heavily optimized for Hollywood pacing, and real military networks possessed tighter physical isolation protocols even in the 1980s, the underlying logic is incredibly sound.

The movie also commands massive respect for its attention to detail. David’s home computer isn’t a prop; it is a genuine IMSAI 8080 microcomputer system, complete with an authentic FDC2-2 floppy drive system—a beautiful nod to the hobbyist roots of the early personal computing revolution. See the image below for what that looked like.

We have come an astronomical distance since 1983.

By the way the IMSAI 8080 was a ‘cousin’ of the computer I learned on starting when I was about 11, the Altair 8800 which was the PC that Gates and Allen started to write software for, their little company turned into Microsoft. I ended up moving across the country to work there for 17 years.  GWBASIC programmers unite! Below is an image of an Altair 8800 identical to the one my Dad built, he still has the darn thing. Yes you used to boot it up by flipping switches to load information in and it didn’t have a keyboard or monitor at first, to a ten year old it still felt like Star trek.

We have traded acoustic couplers for multi-gigabit networks, and basic heuristic engines for massive neural networks. Yet, as we hand over increasingly more operational control to automated software and autonomous systems, the core

question of WarGames remains uncomfortably urgent:  Have we actually fixed the “human-in-the-loop” problem, or are we just building a much faster WOPR? In Artificial Intelligence we often talk about having a human in the loop to ensure what’s coming out of your large language model is in fact tracking to real world expectations and is accurate, it’s not a new concept.

Like reading about AI?? I wrote a book on how Prompt Engineering here:  https://shorturl.at/hBA0I

Cryptography: Prime Numbers, Semi-Primes, and the Quantum Challenge

ericcrichardson Leave a comment

The art of encrypted communication evolved through the ages to safeguard data. From the earliest ciphers to the most sophisticated algorithms, cryptography is a key part of the digital infrastructure today. At the heart of this development is the use of primes and semi-prime numbers for encryption keys, allowing information to remain private from prying eyes. But even this powerful system is at risk because quantum computing is in the process of overturning the paradigm of security. Let’s take a very short look into this space.

A Brief History of Cryptography

The journey of cryptography began with simple substitution ciphers. One of the earliest examples is the Caesar cipher, where letters are shifted by a fixed number to obscure a message. The need for more complex encryption methods grew with the advancement of communication and warfare. By the 16th century, cryptographers developed polyalphabetic ciphers like the Vigenère cipher, which used multiple shifting patterns, making it much harder to crack.


And the 20th century saw the introduction of electro-mechanical encryption machines like the German Enigma machine during the Second World War. Its exploitation by Alan Turing and his Bletchley Park cryptographers showed the potential and finiteness of encryption. This was a new age that would demand mathematical encryption – one that could be cracked open by a capable adversary’s tools.

Prime and Semi-Prime Numbers in Encryption

Modern cryptography, in particular asymmetric encryption, rests on the mathematics of prime and semi-prime numbers. Prime numbers are numbers with one or more positive divisors of 1 and themselves. A semi-prime number consists of exactly two primes. Both these ideas have built the popular RSA encryption algorithm.

RSA Encryption: Prime and Semi-Prime Foundations

Developed in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman, RSA encryption relies on the difficulty of factoring large semi-prime numbers. Here’s how it works at a high level:

  1. Key Generation:
    • Two large prime numbers p  and q are selected.
    • Their product n=p×q becomes the modulus used in the encryption and decryption processes.
    • A public exponent e  and private exponent d are chosen such that they satisfy a mathematical relationship based on p and q.
  2. Encryption:
    • The public key, composed of n and e, is shared openly.
    • A message M is encrypted using the formula:
      C=Mmod n, where C is the cyphertext
  3. Decryption:
    • Using the private key (which includes d and n), the ciphertext can be decrypted with:
      M=CMod n.

RSA’s integrity rests on the fact that multiplying two large primes is computationally trivial, but factoring the semi-prime into its primes is impossibly complicated without knowing one of them in advance. The 2048-bit RSA key, for instance, has a semi-prime greater than 600 digits, and it is unusable for classic computers to brute-force its factors.

How Encryption Algorithms Leverage Mathematical Complexity

The hardness of mathematical problems is a key feature exploited in cryptography. In RSA, the prime factorization problem ensures security. Other algorithms rely on different mathematical challenges, such as:

  • Elliptic Curve Cryptography (ECC): Uses the difficulty of solving elliptic curve discrete logarithm problems.
  • Diffie-Hellman Key Exchange: Relies on the difficulty of computing discrete logarithms in modular arithmetic.
  • Advanced Encryption Standard (AES): Though AES is symmetric encryption (not using primes), it operates on complex transformations involving mathematical matrices and substitutions.

In each case, the security of the algorithm depends on the problem’s resistance to computational solutions.

The Quantum Computing Threat

While these cryptographic systems are secure against classical computers, quantum computing introduces a new paradigm. Quantum computers leverage the principles of quantum mechanics to solve certain mathematical problems exponentially faster than classical machines. Two quantum algorithms pose specific threats:

  1. Shor’s Algorithm: Can efficiently factor large semi-prime numbers, rendering RSA encryption vulnerable.
  2. Grover’s Algorithm: While not as devastating, it speeds up brute-force attacks on symmetric encryption algorithms, such as AES.

If large, fault-tolerant quantum computers are built into reality, a good deal of existing encryption will go extinct. This has inspired the advent of post-quantum cryptography, protocols capable of countering attacks by quantum computers. NIST (National Institute of Standards and Technology) has begun standardizing post-quantum cryptographic algorithms that may become the replacement for RSA and ECC as the cornerstone of secure communication.

A New Era in Cryptography

This interaction of primes and semi-primes has been an engine of contemporary encryption, which provides secure digital communication worldwide. From the brilliant wits of pre-Internet ciphers to the mathematics of RSA and ECC, encryption was always ahead of attackers – until now.


Quantum computing poses a serious threat to the discipline and demands that cryptographers restructure encryption protocols. As we begin to explore the technology of post-quantum algorithms, companies need to adapt to this new age of protection. Just as cryptography has proven itself to meet every previous problem, it will adapt again to keep our most important data safe, even under the new quantum computer.


The race is fully on building quantum computers and implementing quantum-proof encryption. Its final result might define secure communication for generations to come.

The ins and outs of using a VPN

ericcrichardson 2 Comments

One of the ways many people today are using Virtual Private Network, also known as a “VPN” is something you are hearing about often now likely.  You are likely seeing that is protects you from bad guys (aka the ever present “Hacker”) but just how does a VPN work?

The technology which would become the VPN started their life 25 years ago at Microsoft as part of Windows 95.  The problem which was being solved was the case where someone who worked for an organization who was traveling or located in a remote office who needed to securely connect to their home office.  While you could spend huge amount of money to get a dedicated direct physical connection between the two locations using the already existing worldwide Internet was a great way to go.   Effectively the team came up with the notion of creating a virtual dedicated line between two points. This became known a s PPTP- Point to Point Tunneling Protocol.  The way PPTP works is creating an encrypted connection between the remote user and the home office.

A standard Internet Connection with no VPN

What is a tunnel?

A VPN is just the next step in evolution of PPTN, the general way it works is a remote individual connects to a VPN server in a specific location. That connection is secure using encryption, they any other connections done are done from the VPN Server.  Again, the notion of the “tunnel” is like a virtual cable going from your computer to the VPN Server Selected.   The obvious use of the tunnel is security, if you and work are both connecting to a VPN server you have a virtual connection from you to work. So a Virtual Private Network is just that, you can access resources at work from the other side the world with the ease you would from inside the office.

Using a VPN as a corporate user

Benefits of a VPN

As you have encryption that means it’s much more difficult for bad guys to see your data, it’ll also prevent your ISP, or any organization for that matter with the sole exception of the VPN provider, from seeing your activity.  It also makes targeted marketing difficult as internet advertisers will have no idea who you are and where you are coming from.  Interestingly many private individuals have realized they would like some of those benefits. In the last few years, we have seen a spate of companies starting up to provide VPN services for anyone and they are pretty in expensive. 

VPN’s for everyone

A non-corporate connection to the Internet using a VPN Server- you can have a range of servers to choose from

These works just like their corporate cousins with the exception that you effectively connect to the internet from the VPN server you choose.  The “other end” of the connection is simply the internet versus a corporation. There are added benefits, a major one is regarding streaming services which restrict content depending on where you are located you can simply identify a VPN Server. 

There are some other great benefits, if you use a VPN connected to a specific country products or services could be priced much lower than where you are.  Airline tickets are a well known opportunity to connect to one country via a VPN to get better prices. I will note that as time goes on it’s more likely that merchants of all shapes and sizes will begin to identify popular VPN services and close these holes. In some countries where free speech is not guaranteed, a VPN could be a way to embrace free speech but at a risk to personal safety.

There are some less serious reasons to use a personal VPN-say you want to see the new episode of “Staged” from the BBC but you are in North America, you can select a server in the UK and the BBC would allow you to watch the episode as opposed to waiting for it to come to a streaming service in North America. 

Looking at the BBC from North America

As an example, you can see that he BBC main page is quite different when connecting from North America versus the UK, as in the second instance a VPN was used to connect to the UK.  You will notice that the websites are similar but quite different.

Looking at the BBC Website using a VPN in the UK from North America

I hope this has helped give you a quick overview on VPNs, why people use them and can help you to identify if you wish to use one or not.  They are not awfully expensive for private individuals and are becoming much more popular.  Using one all the time, just connect to your own country, is not a bad way to go as it is still a more secure way to browse the web. There will be minor lag triggered due to the encryption, but you will not notice it under normal browsing conditions.  Most personal VPN companies offer a free trial, give it a spin!

@ericcrichardson